Home > DLP, IP/Data Leakage > Intellectual Property/Data Leakage/Content Monitoring & Protection – Another Feature, NOT a Market.

Intellectual Property/Data Leakage/Content Monitoring & Protection – Another Feature, NOT a Market.

Besides having the single largest collection of vendors that begin with the letter ‘V" in one segment of the security space (Vontu, Vericept, Verdasys, Vormetric…what the hell!?) it’s interesting to see how quickly content monitoring and protection functionality is approaching the inflection point of market versus feature definition.

The "evolution" of the security market marches on.

Known by many names, what I describe as content monitoring and protection (CMP) is also known as extrusion prevention, data leakage or intellectual property management toolsets.  I think for most, the anchor concept of digital rights management (DRM) within the Enterprise becomes glue that makes CMP attractive and compelling; knowing what and where your data is and how its distribution needs to be controlled is critical.

The difficulty with this technology is the just like any other feature, it needs a delivery mechanism.  Usually this means yet another appliance; one that’s positioned either as close to the data as possible or right back at the perimeter in order to profile and control data based upon policy before it leaves the "inside" and goes "outside."

I made the point previously that I see this capability becoming a feature in a greater amalgam of functionality;  I see it becoming table stakes included in application delivery controllers, FW/IDP systems and the inevitable smoosh of WAF/XML/Database security gateways (which I think will also further combine with ADC’s.)

I see CMP becoming part of UTM suites.  Soon.

That being said, the deeper we go to inspect content in order to make decisions in context, the more demanding the requirements for the applications and "appliances" that perform this functionality become.  Making line speed decisions on content, in context, is going to be difficult to solve. 

CMP vendors are making a push seeing this writing on the wall, but it’s sort of like IPS or FW or URL Filtering…it’s going to smoosh.

Websense acquired PortAuthority.  McAfee acquired Onigma.  Cisco will buy…?


Categories: DLP, IP/Data Leakage Tags:
  1. April 8th, 2007 at 08:10 | #1

    Chris – not to beat a dead horse here, but so this functionality is going to be smooshed into a combined delivery. I say, great one less stand alone appliance. But the functionality is still going to be there helping people and people will still make decisions on what amalgam has this feature and how well it is implemented. I am not sure what the issue is. I think security technologies moving from stand alone products into features of the next generation of security is very much the natural order or "evolution" of things and the way it should be. Is your point that stand alone data leakage companies go away? If so, maybe yes or maybe no. As you say Cisco will buy one to keep up with the security Joneses. Other people will make deals with Cisco's competition.
    So, I guess I am not sure what you are finding unique or unnatural about this whole process. We could just as easily substitute NAC for data leakage, same thing.

  2. April 8th, 2007 at 08:32 | #2

    Hi Chris,
    I worked for Vormetric as their European SE a few years back, and I have to say that this is very true. It's already happening, NetApp bought Decru in 2004, EMC now own RSA, IBM are snapping up little security vendors all the time.
    Although Vormetric's solution remains the best standalone encryption solution I've ever used, I spoke with a Product Manager at Quantum last month, who said "you don't get to the table these days unless you have encryption built in". This is the first step towards UTM of course.
    The difference we will be seeing for the time being therefore is the quality of available solutions.
    We may end up with another appliance, but as you say, it needs to be close to the data. You also point out a need for being at the perimeter to control data "escaping". Really, data needs both of these. Data has to be treated differently whether in storage or "on the move".
    I even see DRM as a different technology to CMP, it is so different from a data point of view. I think Rich Mogull, who I know is a friend of yours, also calls it CMP, which I have referred to a number of times in recent presentations and reports. Naming it so makes another step towards UTM.
    To control it properly in storage you need to know who and what is accessing it too, which should also be applied at the perimeter.
    Also, data security is not "complete" yet, as perimeter UTM may be said to be. Encryption, WORM, and even DRM are all understood to quite a large degree, but what about data-centric integrity, tying encryption to access controls, hardware versus software WORM… oh and does anyone know about MPEG-21, RDF, the Semantic Web, and how we're going to apply all of this there?
    This is a very interesting topic that I hope to catch up with you on at InfoSec.

  3. April 8th, 2007 at 10:33 | #3

    I think I finally understand your disconnect here. I'm not suggesting that anything is "unnatural" or "unique" about this activity other than the fact that there is a collision course of certain functions that I am leading up to.
    You attached the perception that somehow I think that any of this convergence or "smoosh" is bad…I don't think that it is at all. You'll recall that in my other "feature vs. market post" that NAC was on the list as was data leakage, so yes, one can easily substitute these "ingredients" for one another.
    That was the point of my first post.
    Some companies are born to be acquired and from the outset are features. That's what has fed some of these instant oatmeal "markets" that are perceived as disappointing people because they didn't cure world hunger…I used NAC to illustrate this previously.
    On the other hand, I don't think that the specific combination of some of these features is obvious, which is why I'm trickling these points in with a couple of proof points.
    I'm leading up to something, but believe it or not, I'm not trying to be controversial at all, so instead of giving yourself heartburn, stop looking for that.

  4. April 9th, 2007 at 13:06 | #4

    I agree with your post, Chris. Lets face it, the only reason data leakage became all the rage in the press was for two reasons; it sounds like a bad accident (creates opportunity for rubber-necking), and they're looking for something to take the place of NAC to hype up.
    FYI – I moved my old computer to the garage. Didn't want any data leakage on the carpet in my house.

  5. April 9th, 2007 at 14:06 | #5

    Data Leak Vendors Should Publish SDKs

    Christopher Hoff opines that content monitoring and protection (CMP) is a feature rather than a market justifying its own device in the network. Evidence of the fact can be seen as larger vendors swallow up CMP vendors to add to their feature s…

  6. April 9th, 2007 at 18:06 | #6

    Data Leak Vendors Should Publish SDKs

    Christopher Hoff opines that content monitoring and protection (CMP) is a feature rather than a market justifying its own device in the network. Evidence of the fact can be seen as larger vendors swallow up CMP vendors to add to their feature s…

  7. May 26th, 2007 at 06:18 | #7

    Here's something I've always wondered. One trick Leakage vendors use to sell their boxes is to put them in production for a month and let you see what sort of data you are "leaking". You put the box in and after a month you've got this 300 page report of all sorts of nasty information that you shouldn't really be seeing.
    So bear with me on this – if they find all this leaky data in a month, and presumably your month is representative of normal traffic, the where are all your past incidents? If you're really leaking that much data, shouldn't there be tons and tons of incidents?

  8. google
    August 17th, 2011 at 17:56 | #8

    I liked your article is an interesting technology
    thanks to google I found you

  1. No trackbacks yet.